Microsoft Tech Community
SOLVED

ATP Sensor Requirement


Hi All,

 

 I have a domain with 100+ servers. So do we need to install ATP Sensor for all? 

 

 

As 

4 Replies

@aussupport 

Azure ATP only needs to be deployed on the domain controllers to monitor the environment; it's important to install it on all of them.

@Or Tsemah Thanks. I understand that we need to install on DCs, but why do we need to install on all the DCs?

If we have a few DCs in each site, is one of them not enough?

@aussupport It won't ensure that Azure ATP has the maximum chance of catching malicious behavior.

Although AD data is distributed between the DCs, Azure ATP also listens to network traffic, for example; that is why having 100% coverage is crucial.

best response confirmed by aussupport (Brass Contributor)
Solution

@aussupport It's the nature of on-prem AD; the reason you have multiple DCs is to ensure HA? So what if a malicious login occurs against a DC that doesn't have the sensor deployed?

That being said, even having the sensors deployed to 10 - 20% of the DCs will give you some coverage, but the question then is "are you catching all the bad stuff, or are you missing something vital?"

 

Hope that helps?

Dave C
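
A way to check the coverage discussed in this thread, as an added example that is not part of the original posts or Microsoft's tooling: the script lists every domain controller, checks for a running sensor service, and reports per-site coverage and the gaps. It assumes the RSAT ActiveDirectory module, remote CIM (WinRM) access to the DCs, and that the sensor is registered as a Windows service named `AATPSensor`.

```powershell
#Requires -Modules ActiveDirectory
# Added example: find domain controllers without a running Azure ATP sensor.
# Assumption: the sensor is registered as a Windows service named 'AATPSensor'.
$SensorService = 'AATPSensor'

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # Returns nothing (no error) when the service does not exist on the DC
        $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $dc.HostName `
                   -Filter "Name='$SensorService'" -ErrorAction Stop
        if (-not $svc)                    { $status = 'NotInstalled' }
        elseif ($svc.State -eq 'Running') { $status = 'Running' }
        else                              { $status = "Installed ($($svc.State))" }
    }
    catch {
        # Remote query failed: coverage is unknown, so report it as a gap
        $status = 'Unreachable'
    }
    [pscustomobject]@{
        DomainController = $dc.HostName
        Site             = $dc.Site
        ReadOnly         = $dc.IsReadOnly
        Sensor           = $status
    }
}

# Coverage per AD site: one covered DC in a site still leaves the others blind
$results | Group-Object Site | ForEach-Object {
    $covered = @($_.Group | Where-Object Sensor -eq 'Running').Count
    [pscustomobject]@{
        Site        = $_.Name
        DCs         = $_.Count
        Covered     = $covered
        CoveragePct = [math]::Round(100 * $covered / $_.Count)
    }
} | Format-Table -AutoSize

# Every DC that is not at 'Running' is a place where activity goes unmonitored
$gaps = @($results | Where-Object Sensor -ne 'Running')
if ($gaps.Count -gt 0) {
    $gaps | Sort-Object Site, DomainController | Format-Table -AutoSize
    Write-Warning "$($gaps.Count) of $(@($results).Count) domain controllers have no running sensor."
}
```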
